This is a call to all moderators of Mastodon instances with an open registration policy: let's cooperate, let's fight botnets together. We can share mail domains and blocked IP addresses.

I am trying to keep registrations open for the next big wave of Mastodon migration, which I believe is inevitable.

There are very few actual humans willing to do some sustained harm - most of the malicious activity is bots. And we can track where they register and operate from. Ultimately, we can learn who is doing this shit and who pays for it...

#mastodon #moderation

@xChaos hey is there DNSBL support for mastodons? imo that would be great. Solves so much mail spam.

@exa I am not sure if it can be configured automatically. I was thinking about manual lists. But it is just an SQL table anyway, so importing any existing list into an SQL table should be easy.

Botnets use each mail domain only a few times, because co-hosted managed Mastodon instances probably somehow share the blocked mail domains and IP lists, which saves them a lot of work.

But blocking is not enough. I wonder who is running the botnets. If we have databases of those weird .com domains, we can somehow figure out who pays for them. The IPs are probably IPs of compromised machines, so the owner of the IP can be contacted and a honeypot installed.

The blocking is not enough... we need to analyze the situation. The common understanding is that they are Russian propaganda botnets, but it is more than that. They are somehow AI powered, and they may be run by some actor which is just willing to hire the botnet out to anybody who pays them (including Russian propaganda).

Instead of closing registrations, which means giving up future migrations from corporate networks, we need to somehow think about it. If they are trying to abuse us, it means that they take us seriously. But who are they?

@xChaos nah the usual issue is the same as with mail spam: if you equip a random someone with $1000 and a small botnet access, they can send disproportionately more spam&hate than you can ever prevent for the same amount of investment. That's the economy of the thing, and for our beloved hate sources these resources are negligible.

The only way out is to equip cheapest tools that probabilistically decrease the chance of success as much as possible. Spam stops once the cost is not ignorable.

@xChaos Re finding who they are: From what I saw, the end point is almost always script kids.

Making pocket money for their next thing. Likely learning a lot. Working up the chain. :)

@xChaos like, it's not a completely trivial thing to set up. The actual NS infrastructure is pretty cheap (I ran one!) but you need to feed it with stats and data, and with mail that's traditionally done with honeypots. Abuse response times are close to instant.

(tbh no clue why we don't have a DNSBL for AI crawlers, these are so easily honeypottable that it could work)

@exa the botnets I am talking about operate from a wide range of IP addresses. Probably some of them are compromised PCs, who knows.

With e-mail, I always felt that the spammers would always have the upper hand, which turned out to be true. With ActivityPub, I think our chances are better, but the question of new registrations is more important than it seems. We simply need new immigrants into Fediverse.

@xChaos yeah, closing the registrations basically defeats the purpose. That declares that the spam has won.

Meticulous moderation on all layers with instant impact would be the best way to go IMO, kinda like on the old stackoverflows or so. But that needs lots of software and organization.

@exa I am pretty sure e.g. name.ng is worth blocking - they use 3rd level domains, which they probably get for free, as mail servers.

For other mail servers, it is not so easy. Most of the domains are used just once, recently. Some of them resolve to tinyhost.shop, so I will see the attempt counter directly on the MX.

It is obvious that they are not able to maintain a large number of fake registration accounts at big sites like gmail.com and they are forced to fully fake mail servers.

I wonder what the Internet could look like if we started with something like ActivityPub from scratch and skipped the entire e-mail game, which was flawed from the very beginning...

@xChaos Maybe try to come up with a joint project with @CrowdSec
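
The thread above notes that throwaway signup domains are used once but several resolve to the same MX. As an added example (not code from any participant or from Mastodon), this sketch counts distinct signup domains per MX host, so a block can target the shared mail server rather than each single-use domain. The sample records, the `.example` names, the provider allowlist and the threshold are constructed assumptions; in practice the MX hosts would come from a DNS lookup at registration time.

```python
from collections import defaultdict

# Large shared mail providers: many unrelated domains legitimately point
# their MX here, so they must not be reported as a botnet cluster.
# Hypothetical allowlist for this example; a real one would be longer.
KNOWN_PROVIDERS = {"google.com", "outlook.com"}


def mx_base(host: str) -> str:
    """Reduce an MX hostname to its last two labels.

    Naive on purpose; a real deployment should use the Public Suffix List
    so that suffixes such as co.uk are handled correctly.
    """
    labels = host.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def shared_mx_clusters(signups, min_domains=3):
    """Return {MX base domain: sorted signup domains} for every MX that
    serves at least `min_domains` distinct signup domains."""
    by_mx = defaultdict(set)
    for email, mx_hosts in signups:
        domain = email.rsplit("@", 1)[-1].rstrip(".").lower()
        for host in mx_hosts:
            base = mx_base(host)
            if base not in KNOWN_PROVIDERS:
                by_mx[base].add(domain)
    return {mx: sorted(d) for mx, d in by_mx.items() if len(d) >= min_domains}


# Constructed sample: (signup e-mail, MX hosts its domain resolved to).
SIGNUPS = [
    ("a1@qvrx-one.example", ["mx1.mailhost.example."]),
    ("b2@zlpt-two.example", ["MX2.mailhost.example"]),
    ("c3@wkdn-three.example", ["mx1.mailhost.example"]),
    ("d4@smallbiz.example", ["aspmx.l.google.com"]),
    ("e5@bakery.example", ["alt1.aspmx.l.google.com"]),
    ("f6@club.example", ["aspmx.l.google.com"]),
    ("g7@selfhosted.example", ["mail.selfhosted.example"]),
]

if __name__ == "__main__":
    for mx, domains in shared_mx_clusters(SIGNUPS).items():
        print(f"{mx}: {len(domains)} signup domains -> {domains}")
```
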